Description
WordPress is prone to multiple vulnerabilities, including arbitrary file upload, information disclosure, clickjacking and possibly SQL injection. Exploiting these issues may allow an attacker to upload arbitrary code and run it in the context of the webserver process, which may facilitate unauthorized access or privilege escalation. An attacker may also be able to obtain sensitive information that helps in launching further attacks, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress versions prior to 3.1.3 are vulnerable.
Remediation
Update to WordPress version 3.1.3 or the latest version.